SCF Advanced Search


Members
Stats
  • Total Posts: 31878
  • Total Topics: 9597
  • Online Today: 1392
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)











Author Topic: Replicant developers find and close Samsung Galaxy backdoor  (Read 2508 times)

0 Members and 1 Guest are viewing this topic.

Pez

  • SCF VIP Member
  • *****
  • Posts: 773
  • KARMA: 117
  • Gender: Male
  • Pez
Replicant developers find and close Samsung Galaxy backdoor

While working on Replicant, a fully free/libre version of Android, we discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a backdoor that lets the modem perform remote file I/O operations on the file system.

This is a guest post by Replicant developer Paul Kocialkowski. The Free Software Foundation supports Replicant through its Working Together for Free Software fund. Your donations to Replicant support this important work.

Today's phones come with two separate processors: one is a general-purpose applications processor that runs the main operating system, e.g. Android; the other, known as the modem, baseband, or radio, is in charge of communications with the mobile telephony network. This processor always runs a proprietary operating system, and these systems are known to have backdoors that make it possible to remotely convert the modem into a remote spying device. The spying can involve activating the device's microphone, but it could also use the precise GPS location of the device and access the camera, as well as the user data stored on the phone. Moreover, modems are connected most of the time to the operator's network, making the backdoors nearly always accessible.

It is possible to build a device that isolates the modem from the rest of the phone, so it can't mess with the main processor or access other components such as the camera or the GPS. Very few devices offer such guarantees. In most devices, for all we know, the modem may have total control over the applications processor and the system, but that's nothing new.

While working on Replicant, a fully free/libre version of Android, we discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a backdoor that lets the modem perform remote file I/O operations on the file system. This program is shipped with the Samsung Galaxy devices and makes it possible for the modem to read, write, and delete files on the phone's storage. On several phone models, this program runs with sufficient rights to access and modify the user's personal data. A technical description of the issue, as well as the list of known affected devices is available at the Replicant wiki.

Provided that the modem runs proprietary software and can be remotely controlled, that backdoor provides remote access to the phone's data, even in the case where the modem is isolated and cannot access the storage directly. This is yet another example of what unacceptable behavior proprietary software permits! Our free replacement for that non-free program does not implement this backdoor. If the modem asks to read or write files, Replicant does not cooperate with it.

Replicant does not cooperate with backdoors, but if the modem can take control of the main processor and rewrite the software in the latter, there is no way for a main processor system such as Replicant to stop it. But at least we know we have closed one specific backdoor.

The FSF encourages all current Samsung Galaxy owners to appeal publicly to SamsungMobile for an explanation (they can also be emailed). Samsung should release this program as free software, without the backdoor, so that Replicant doesn't have to continue defusing the traps they have apparently left for their users.


Original article: by Paul K   — Published on  Mar 12, 2014 04:50 PM

For even more info read here!
Their is two easy way to configure a system!
Every thing open and every thing closed.
Every thing else is more or less complex.

Start Turfing ! http://scforum.info/index.php/topic,8405.msg21475.html#msg21475

Samker's Computer Forum - SCforum.info

Sponsored Links:




Samker

  • SCF Administrator
  • *****
  • Posts: 7456
  • KARMA: 312
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Replicant developers find and close Samsung Galaxy backdoor
« Reply #1 on: 20. March 2014., 19:39:13 »
...

The FSF encourages all current Samsung Galaxy owners to appeal publicly to SamsungMobile for an explanation (they can also be emailed). Samsung should release this program as free software, without the backdoor, so that Replicant doesn't have to continue defusing the traps they have apparently left for their users.

...

I hope that this will compel Samsung to patch "the hole". ;)

Thanks P. :thumbsup:




Fintech

  • SCF VIP Member
  • *****
  • Posts: 345
  • KARMA: 43
  • Gender: Male
Re: Replicant developers find and close Samsung Galaxy backdoor
« Reply #2 on: 20. March 2014., 19:45:14 »
Truely great stuff @Pez, for me personally, truely not to be Samsug Galaxy's!  :up:
I'm old man but still alive as well :)

Samker

  • SCF Administrator
  • *****
  • Posts: 7456
  • KARMA: 312
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Replicant developers find and close Samsung Galaxy backdoor
« Reply #3 on: 20. March 2014., 19:48:18 »
Truely great stuff @Pez, for me personally, truely not to be Samsug Galaxy's!  :up:

I forgot to mention that I'm still using GALAXY S II.  :-\


Fintech

  • SCF VIP Member
  • *****
  • Posts: 345
  • KARMA: 43
  • Gender: Male
Re: Replicant developers find and close Samsung Galaxy backdoor
« Reply #4 on: 20. March 2014., 19:56:31 »
Thanks from your feedback @Samker! I hope however all the best for you. :bih:
Fin... ;)
I'm old man but still alive as well :)

devnullius

  • SCF VIP Member
  • *****
  • Posts: 3524
  • KARMA: 152
  • Gender: Female
    • SCForum.info
Re: Replicant developers find and close Samsung Galaxy backdoor
« Reply #5 on: 18. April 2014., 00:30:57 »
S3 owner wakes up...

Good share!

Awaiting my new China phone... Curious how that turns out :)
More information about bitcoin, altcoin & crypto in general? GO TO  j.gs/7385484/btc

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare... So why not get the real SCForum employees to help YOUR troubled computer!!! SCF Remote PC Assist http://goo.gl/n1ONa9

Pez

  • SCF VIP Member
  • *****
  • Posts: 773
  • KARMA: 117
  • Gender: Male
  • Pez
Re: Replicant developers find and close Samsung Galaxy backdoor
« Reply #6 on: 22. April 2014., 09:33:46 »
S3 owner wakes up...

Good share!

Awaiting my new China phone... Curious how that turns out :)

China phone! Built in the GrateWall. All messages and every thing if forward to the National Security of China. :D
Their is two easy way to configure a system!
Every thing open and every thing closed.
Every thing else is more or less complex.

Start Turfing ! http://scforum.info/index.php/topic,8405.msg21475.html#msg21475

devnullius

  • SCF VIP Member
  • *****
  • Posts: 3524
  • KARMA: 152
  • Gender: Female
    • SCForum.info
Re: Replicant developers find and close Samsung Galaxy backdoor
« Reply #7 on: 22. April 2014., 22:49:03 »
S3 owner wakes up...

Good share!

Awaiting my new China phone... Curious how that turns out :)

China phone! Built in the GrateWall. All messages and every thing if forward to the National Security of China. :D

Yeah, but they hate copyright too! So I don't mind ;-)
More information about bitcoin, altcoin & crypto in general? GO TO  j.gs/7385484/btc

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare... So why not get the real SCForum employees to help YOUR troubled computer!!! SCF Remote PC Assist http://goo.gl/n1ONa9

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising